Discussion of Problems due to Hardened Security

Discussions related to using VirtualBox on Windows hosts.
Locked
HF
Posts: 31
Joined: 3. Dec 2014, 01:01

Re: Discussion of Problems due to Hardened Security

Post by HF »

In our case, the reason VirtualBox fails to run past version 4.3.16 is because of BeyondTrust's PowerBroker which our employer requires on all our machines.

Has anyone compiled a version of VB using the public sources to remove the hardening?
another1
Posts: 3
Joined: 20. Jul 2014, 05:24

Re: Discussion of Problems due to Hardened Security

Post by another1 »

My system:
ASUS Zenbook
4G RAM
128G SSD
Host: Win7 sp1
Guest: Ubuntu 14.04

I have used VB for about 2 years. I had Norton 360 and I think I had inadvertently gotten McAffee also (because some upgrade - Java? - had it as a default that I failed to catch) I initially had a problem with the hardened security when it was initially released (4.3.14 and 4.3.16). But by about 4.3.20 it was working. No problems until 4.3.28. In 4.3.28, my machine was getting hot. I sometimes use a lot of tabs in my firefox browser on the guest. I didn't think much of this 'problem' and didn't know if it related to VB.

Before upgrading to 4.3.30, I: 1) changed from Norton 360 to Norton Security; and 2) upgraded libreoffice on the host (choosing the install option for loading in memory). AFTER upgrading to 4.3.30 I did an update of the software on the Ubuntu guest and in the midst of that update I got a BSOD. I was able to access the guest once more but again got a BSOD. After that, I could boot the machine and login but within a few minutes the system would BSOD.

I could boot into safe mode with networking so I set about trying to discover what was causing the BSODs. It took some time to learn how to do this. Using Windows Event Viewer I got a list of "boot-start drivers failed to load":

ATKWMIACPIIO
BHDrvx64
ccSet_NS
discache
eeCtrl
IDSVia64
spldr
SRTSPX
SymIRON
SymNetS
VBoxDrv
VBoxUSBMon

I uninstalled libreoffice and virtualbox. The BSODs continued. The list of drivers no longer included VBoxDrv and VBoxUSBMon but a new driver appeared at the end of the list: wanarpv6.

I did a "clean boot" using msconfig.exe to disable startup programs and limit services in an attempt to narrow down what service/dll was causing the problem. I STILL got BSDs when I eliminated non-Microsoft services, when I disabled the first half of MS services, then half of the remainder, then another half. But with just a few MS services remaining, the BSODs stopped. I added back some of the services, and then some more (trying to narrow down what service had caused the BSODs) but the BSODs never came back even when all of the services were back on!?!?!?!

I found that Windows update has tried to update my system to Win10 and failed (I never asked for Win10! Windows update was apparently going to upgrade me without my consent!). It also did updates (2, I believe) that prepare my system for Win10. I uninstalled these and took steps to prevent an automatic Win10 upgrade.

I also installed some updates that had not been installed:
KB3048761: Info or messages not updated automatically when several windows are displayed in multiple applications (due to memory leak);
KB3075851: Improvements to Windows Update Client;
KB3064209: Intel CPU microcode update.

Then I reinstalled VB 4.3.26 and deleted the guest instance that had failed during update. I updated a different Ubuntu guest without problem. Everything is working fine. System still gets warm (I really need more memory but it is not upgradeable).

While I never tracked down what the actual cause of the problem was, I hope my experience provides some helpful insight to VB devs or users. My speculation on what may have occurred:
1) Changing from Norton 360 to Norton Security mean a re-install that cause some problem with VB hardening.
2) Windows updates that prepared my system for upgrade caused some problem with VB (as Win10 has problems with VB)
3) VB hardening changes in 4.3.30 caused some kind of conflict.
4) Some combination of the above.
wunjo
Posts: 8
Joined: 26. Feb 2015, 15:25
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: most linux

Re: Discussion of Problems due to Hardened Security

Post by wunjo »

Hi you all!

Changing the antivirus from Avast Free to Panda Free solved the hardening problem in my case.
Win 7 pro 64, Vbox 5
rondoval
Posts: 1
Joined: 8. Aug 2015, 11:43

Re: Discussion of Problems due to Hardened Security

Post by rondoval »

1) Windows 10, 32bit, release
2) attached
3) Windows Defender + stock firewall
Attachments
VBoxStartup.zip
(4.8 KiB) Downloaded 30 times
CaptivaKid
Posts: 4
Joined: 12. Aug 2015, 20:32

Re: Discussion of Problems due to Hardened Security

Post by CaptivaKid »

1) Windows 10, 64bit, release
2) attached
3) AVG Internet Security 2015
Attachments
VBoxStartup.zip
(2.67 KiB) Downloaded 37 times
Einsteiner
Posts: 1
Joined: 13. Aug 2015, 15:21

Re: Discussion of Problems due to Hardened Security

Post by Einsteiner »

False hope. deleted. sorry
Last edited by Einsteiner on 13. Aug 2015, 17:42, edited 1 time in total.
CaptivaKid
Posts: 4
Joined: 12. Aug 2015, 20:32

Re: Discussion of Problems due to Hardened Security

Post by CaptivaKid »

Didn't work.
CaptivaKid
Posts: 4
Joined: 12. Aug 2015, 20:32

Re: Discussion of Problems due to Hardened Security

Post by CaptivaKid »

It comes up with the following error message:

LoadLibrary failed with error 1790: The network logon failed.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

@Einsteiner: not every startup failure is caused by hardening, and I am struggling to think of any reason why the hardening checks would be in any way influenced by the privilege level of the user. Hardening checks DLL certification, the certificate in a DLL is the same regardess of whether the current user has admin rights or not.

Privilege levels are there for a reason, it does not seem like a wise move to arbitrarily override them.
CaptivaKid
Posts: 4
Joined: 12. Aug 2015, 20:32

Re: Discussion of Problems due to Hardened Security

Post by CaptivaKid »

What would you recommend, mpack?
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Discussion of Problems due to Hardened Security

Post by mpack »

I have no information on your problem to give. I can only refer you to what the error message itself recommends trying. That and reinstalling VirtualBox using "Run as adminstrator" after rebooting the host.
james_ss
Posts: 1
Joined: 14. Aug 2015, 16:46

Re: Discussion of Problems due to Hardened Security

Post by james_ss »

1) Windows 7, 64bit
2) Attached
3) BullGuard Internet Security v15.1.307.3

Error: Timed out after 60001 ms waiting for child request #1 (CloseEvents) (rc=258)

If 'Security Level' for Antivirus Protection in BullGuard is reduced from 'Optimal' to 'Minimal' then the virtual machines start up without any issues. After the start up error, Windows 7 fails to cleanly shutdown.

Prior to VirtualBox 5.0.0, I had been running 4.3.14. More recent versions started up with 'Optimal' settings in Bullguard but generated warning errors during the start up process so I always ended up reverting to 4.3.14.
Attachments
VBoxStartup.log
(11.15 KiB) Downloaded 33 times
redford1974
Posts: 1
Joined: 17. Aug 2015, 16:42

Re: Discussion of Problems due to Hardened Security

Post by redford1974 »

Windows 8.1 64bit
VirtualBox 5.0.2
SpyShelter 10/Malwarebytes Anti-Malware/Windows Firewall disabled
Attachments
VBoxStartup.zip
(4.33 KiB) Downloaded 29 times
Dee3
Posts: 1
Joined: 19. Aug 2015, 22:13

Re: Discussion of Problems due to Hardened Security

Post by Dee3 »

Windows 8.1 64bit
VirtualBox 5.0.2
Windows Firewall only

Code: Select all

The virtual machine 'Windows XP' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005).

Error code : E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}
All VMs do not start on all versions of Virtualbox newer than 4.3.12.
Attachments
VBoxStartup.log
(27.92 KiB) Downloaded 29 times
forderud
Posts: 2
Joined: 15. Jun 2015, 20:44

Re: Discussion of Problems due to Hardened Security

Post by forderud »

System:
* VirtualBox 5.0.2 r102096
* Win7 professional SP1 (x64) - fully patched.
* Intel Core i7-4790 CPU with 32GB RAM
* McAfee VirusScan Enterprise & HostIntrusion Prevention (company managed)

VM startup error:
Error In supR3HardNtChildPurify
supHardenedWinVerifyProcess failed with VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED: (rc=-5673)
Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}
Attachments
VBoxStartup.log
(11.65 KiB) Downloaded 24 times
Locked